NEWS TECH: RANSOMWARE – what you should know this computer danger

The pirates of today work electronically instead of the high seas. You still must protect yourself.

Anti virus programs are not enough; and you are at risk !

If you are a computer user, you need to be aware that you are at risk of malicious intrusion into your computer. You need to take steps to defend you computer against more than what was “old time anti virus” problems. The risks today are more intrusive, more dangerous and more devastating. Ransomware is one of the latest and most serious of the new malware computer attackers.

What is a ransomware attack?

Ransomware is one of the biggest problems on the web right now. It’s a form of malware which encrypts documents on a PC or even across a network. Victims can often only regain access to their files and PCs by paying a ransom to the criminals behind it. A ransomware infection often starts with someone clicking on what looks like an innocent attachment, and it can be a headache for companies of all sizes.

Cybercriminals didn’t use to be so obvious. If hackers infiltrated your corporate network, they would do everything possible to avoid detection. It was in their best interests not to alert a victim that they’d fallen victim to cybercrime.

Known as AIDS or the PC Cyborg Trojan, the virus was sent to victims — mostly in the healthcare industry — on a floppy disc. The ransomware counted the number of times the PC was booted: once it hit 90, it encrypted the machine and demanded the user ‘renew their license’ with ‘PC Cyborg Corporation ‘ by sending $189 or $378 to a post office box in Panama.

The AIDS demand for payment – by post.Image: Sophos

How did ransomware evolve?

This early ransomware was a relatively simple construct, using basic cryptography which mostly just changed the names of files, making it relatively easy to overcome.

But it set off a new branch of computer crime, which slowly but surely grew in reach — and really took off in the internet age. Before they began using advanced cryptography to target corporate networks, hackers were targeting general internet users with basic ransomware.

One of the most successful variants was ‘Police ransomware’, which tried to extort victims by claiming to be law enforcement and locking the screen with a message warning the user they’d committed illegal online activity, which could get them sent to jail.

However, if the victim paid a fine, the ‘police’ would let the infringement slide and restore access to the computer. Of course, this wasn’t anything to do with law enforcement — this was criminals exploiting innocent people.

An example of ‘Police ransomware’ threatening a UK user.Image: Sophos

While somewhat successful, these forms of ransomware often simply overlaid their ‘warning’ message on the user’s display — and rebooting the machine could get rid of the problem.

Criminals learned from this and now the majority of ransomware schemes use advanced cryptography to truly lock down an infected PC.

What are the main types of ransomware?

Ransomware is always evolving, with new variants continually appearing in the wild and posing new threats to businesses. However, there are certain types of ransomware which have been much more successful than others.

Lockyis successful because those behind it regularly update the code with changes which allow it to avoid detection. They even update it with new functions, including the ability to make ransom demands in 30 languages, helping criminals more easily target victims in around the world. Lockyhas become so successful, it’s one of the most prevelant forms of malware in its own right.

Cryptowallis another form of ransomware which has found great success for a prolonged period of time. Starting life as doppleganger of Cryptolocker, it’s gone onto become one of the most successful types of ransomware.

While some ransomware developers — like those behind Locky or Cryptowall — closely guard their product, keeping it solely for their own use, others happily distribute ransomware to any wannabe hacker keen to cash in on cyber extortion.

One of the most common forms of ransomware distributed in this way is Cerber, which has been known to infect hundreds of thousands of users in just a single month. The original creators of Cerber are selling it on the dark web, allowing other criminals to use the code in return for receiving 40 percent of each ransom paid.

In exchange for giving up some of the profits, wannabe cyber fraudsters are provided with everything they need in order to successfully make money through extortion of victims.

Ultimately, whatever the size of the company, time is money and the longer your network is down, the more it’s going to cost your business.

Even if you regain access to your networks by paying a ransom, there will be additional costs on top of that. In order to avoid future attacks — especially if you’ve been marked as an easy target — be prepared to invest in additional cybersecurity software and to pay for additional staff training.

There’s also the risk of customers losing trust in your business because of poor cybersecurity and taking their custom elsewhere.

Why should businesses worry about ransomware?

To put it simply: ransomware could ruin your business. Being locked out of your own network for even just a day will impact on your revenue. But given that ransomware takes most victims offline for at least a week, or sometimes months, the losses can be significant. Systems go offline for so long not just because ransomware locks the system, but because of all the effort required to clean up and restore the networks.

And it isn’t just the immediate financial hit of ransomware which will damage a business; consumers become wary of giving their custom to organisations they believe to be insecure.

How does ransomware infect your PC?

It’s the modern enterprise’s reliance on the internet which is enabling ransomware to boom. Everyday, every employee receives hundreds of emails and many roles require these employees to download and open attachments, so it’s something which is often done on autopilot. Taking advantage of employees’ willingness to open attachments from unknown senders is allowing cybercriminals to successfully run ransomware campaigns.

A spam email claiming the target has purchased a flight – complete with fake invoice containing the ransomware.Image: Symantec

While some messages give away clues to their malicious nature with poorly-worded messages or strange return addresses, others are specially tailored to look as convincing as possible, and appear no different from any other message the victim might be sent.

Once the malicious attachment has been opened, the user is encouraged to enable macros in order to view and edit the document. It’s when this is enabled that the ransomware code hidden within the macros strikes. It can encrypt files in seconds, leaving the victim with a ransom note demanding a payment ranging from a few hundred dollars to tens of thousands of dollars in order to get them back.

Which organisations are targets for ransomware?

Any business can find itself a victim of ransomware, but perhaps the most high-profile incident occurred when the Hollywood Presbyterian Medical Center in Los Angeles became infected with Locky ransomware. The infection left doctors and nurses unable to access patient files for days, until the hospital opted to give into the ransom demands of hackers in order to restore services.

“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Allen Stefanek, CEO of the hospital, said at the time.

Locky is one of the most successful forms of ransomware.Image: F-Secure

Hospitals and other healthcare organisations are popular targets for ransomware attacks, because they are often willing to pay. Losing access to data is a life-or-death matter for them — and hospitals don’t want to be held responsible for letting people die due to poor cybersecurity. However, there are even cybercriminals who think attacking hospitals is too despicable an activity.

Small and medium -ized businesses are a popular target because they tend to have poorer cybersecurity than large organisations. Despite that, many SMEs falsely believe they’re too small to be targeted — but even a ‘smaller’ ransom of a few hundred dollars is still highly profitable for cybercriminals.

Why is ransomwareso successful?

You could say there’s one key reason why ransomware has boomed: because it works. Organisations can have the best antivirus software in the world, but all it takes for ransomware to infect the network is for one user to slip up and launch a malicious attachment.

If organisations weren’t giving in to ransom demands, criminals would stop using ransomware. But businesses do need access to data in order to function so many are willing to pay a ransom and get it over and done with.

Meanwhile, for criminals it’s a very easy way to make money. Why spend time and effort developing complex code or generating fake credit cards from stolen bank details if ransomware can result in instant payments of hundreds or even thousands of dollars from large swathes of infected victims at once?

What does all this have to do with the average home user?The average home user is at risk as much as any corporation or business, maybe even more because the average home computer user is less likely to take cyber security as seriously as a business. “Why hack me? I don’t have much on my computer.” Hackers will attack home computers for other reasons than data retrieval or evil intent of forcing a ransom to unlock the device. Some hackers want to use the home device as a surrogate so they are less likely to be caught as your device is the culprit now, not their devices.

The bottom lineThe days of simple antivirus programs are long gone as the Internet develops more and more. Today, the home PC user must install new defensive mechanisms, anti ransomware.
Users also should be running anti-malware, more sophisticated antivirus applications. These new protection programs can be found on the Internet and their cost should be incorporated into the home user’s budget for computer activity.

Spend a little time searching for anti ransomware and malware protection on the Internet; save yourself money, time and pain in the long run.